tbb-commits@lists.torproject.org

September 2025

  • 1 participants
  • 213 discussions
[Git][tpo/applications/mullvad-browser][mullvad-browser-140.3.0esr-15.0-1] 2 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed to branch mullvad-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 0c2a0537 by Emma Zuehlcke at 2025-09-15T22:24:00+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - 0a35fc2a by Makoto Kato at 2025-09-15T22:24:02+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 3 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== @@ -983,8 +983,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); 
@@ -1008,11 +1010,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1021,6 +1023,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -89,7 +89,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } 
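Review bot: In the new `getDisplayHostForStream`, `Services.io.newURI(stream.uri)` runs before the `try`, so only the `displayHost` getter is guarded; if `stream.uri` ever fails to parse, the exception propagates out of `showStreamSharingMenu` and the menu is not built. Whether that can happen depends on how `stream.uri` is populated, which is outside these hunks. Moving the constructor inside the guard would keep the old raw-string fallback: `let uri; try { uri = Services.io.newURI(stream.uri); } catch (ex) { return stream.uri; }`. A one-line comment on the helper, e.g. `// Show the host rather than the page-supplied title.`, would also record why the title is no longer used. The same hunks are repeated in the other branch pushes on this page.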
@@ -115,8 +115,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/16… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/16… You're receiving this email because of your account on gitlab.torproject.org.
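Review bot: The new `"fido".equals(scheme)` branch has no comment saying why that scheme is refused, and the comment at the call site in the previous hunk still speaks only of file data schemes. A line above the check such as `// Bug 1974025 - Also reject intents whose data URI uses the fido scheme.` would keep the two in step. If more schemes are expected, a small `private static final Set<String>` of blocked data schemes would be easier to audit than a growing `||` chain. The enclosing method starts and ends outside the hunk, so whether other parts of the intent can carry the same URI is not visible here. This hunk is repeated in the other branch pushes on this page.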
[Git][tpo/applications/mullvad-browser] Pushed new tag mullvad-browser-128.14.0esr-14.5-1-build3
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed new tag mullvad-browser-128.14.0esr-14.5-1-build3 at The Tor Project / Applications / Mullvad Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/tree/mullv… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/mullvad-browser][mullvad-browser-128.14.0esr-14.5-1] 10 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed to branch mullvad-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Mullvad Browser Commits: febf4c83 by Emma Zuehlcke at 2025-09-15T22:21:22+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - cc301f19 by Daniel Holbert at 2025-09-15T22:21:23+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - 111779ce by Makoto Kato at 2025-09-15T22:21:25+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 4c25597a by Jon Coppeard at 2025-09-15T22:21:26+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - ea3d5632 by longsonr at 2025-09-15T22:21:28+02:00 Bug 1980788 - Use std::size rather than hardcoding an array size a=RyanVM DONTBUILD Original Revision: https://phabricator.services.mozilla.com/D262967 Differential Revision: https://phabricator.services.mozilla.com/D263131 - - - - - ecda78b0 by Lee Salzman at 2025-09-15T22:21:29+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - aee1e3a4 by Jed Davis at 2025-09-15T22:21:30+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. 
a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 58c8b96e by Lee Salzman at 2025-09-15T22:21:32+02:00 Bug 1984825. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262611 - - - - - 67e9d857 by Lee Salzman at 2025-09-15T22:21:33+02:00 Bug 1985067. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262614 - - - - - 658910d2 by Lee Salzman at 2025-09-15T22:21:35+02:00 Bug 1986185. r=aosmond a=RyanVM Backported manually to 128esr, see BB 44199 Differential Revision: https://phabricator.services.mozilla.com/D263287 - - - - - 12 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - gfx/2d/FilterProcessingScalar.cpp - gfx/2d/InlineTranslator.h - gfx/layers/ipc/CanvasTranslator.cpp - js/src/gc/Statistics.cpp - layout/printing/PrintTranslator.h - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== 
@@ -1048,8 +1048,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); @@ -1073,11 +1075,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1086,6 +1088,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" 
@@ -2204,30 +2205,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + 
ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== gfx/2d/FilterProcessingScalar.cpp ===================================== 
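Review bot: `isdigit(c)` in the new `ParseIndexed` loop receives a plain `char`, and for a byte at or above 0x80 on a platform where `char` is signed that is a negative argument, which the C library leaves undefined. The names parsed here can presumably originate from page script, so the check should not depend on that: `if (c >= '0' && c <= '9') {` or `isdigit(static_cast<unsigned char>(c))`. Separately, `std::stoull` still signals an over-long digit run by throwing `std::out_of_range`, as it did before the change; capping the digit count before the call would make that case return `{}` like the other rejects. `openBracket <= 0` on a `size_t` reads more plainly as `== 0`. The same hunk appears again in the tor-browser-115.28.0esr-13.5-1 push further down.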
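Review bot: `aLoadInfo->GetLoadingPrincipal()` in `DoCORSChecks` may return null for loads that have no loading context, whereas the `TriggeringPrincipal()` it replaces as the default is documented as never null; the result is passed straight to `nsCORSListenerProxy`. Whether such a load can reach this function is decided outside the hunk, so stating the expectation would help: `MOZ_ASSERT(principal, "CORS check requires a loading principal");` after the `if` block. The function's body starts and ends outside the hunk. The same hunk is repeated in the tor-browser-115.28.0esr-13.5-1 push further down.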
@@ -47,12 +47,12 @@ static void ApplyMorphologyHorizontal_Scalar( x++, startX++, endX++) { int32_t sourceIndex = y * aSourceStride + 4 * startX; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += 4; for (int32_t ix = startX + 1; ix <= endX; ix++, sourceIndex += 4) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -62,7 +62,7 @@ static void ApplyMorphologyHorizontal_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } @@ -97,13 +97,13 @@ static void ApplyMorphologyVertical_Scalar( for (int32_t x = aDestRect.X(); x < aDestRect.XMost(); x++) { int32_t sourceIndex = startY * aSourceStride + 4 * x; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += aSourceStride; for (int32_t iy = startY + 1; iy <= endY; iy++, sourceIndex += aSourceStride) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -113,7 +113,7 @@ static void ApplyMorphologyVertical_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } ===================================== gfx/2d/InlineTranslator.h ===================================== 
@@ -92,7 +92,11 @@ class InlineTranslator : public Translator { already_AddRefed<SourceSurface> LookupExternalSurface(uint64_t aKey) override; void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { ===================================== gfx/layers/ipc/CanvasTranslator.cpp ===================================== @@ -189,6 +189,10 @@ mozilla::ipc::IPCResult CanvasTranslator::RecvInitTranslator( } // Use the first buffer as our current buffer. + if (aBufferHandles.IsEmpty()) { + Deactivate(); + return IPC_FAIL(this, "No canvas buffer shared memory supplied."); + } mDefaultBufferSize = aBufferSize; auto handleIter = aBufferHandles.begin(); if (!CreateAndMapShmem(mCurrentShmem.shmem, std::move(*handleIter), @@ -365,11 +369,19 @@ void CanvasTranslator::GetDataSurface(uint64_t aSurfaceRef) { } void CanvasTranslator::RecycleBuffer() { + if (!mCurrentShmem.IsValid()) { + return; + } + mCanvasShmems.emplace(std::move(mCurrentShmem)); NextBuffer(); } void CanvasTranslator::NextBuffer() { + if (mCanvasShmems.empty()) { + return; + } + // Check and signal the writer when we finish with a buffer, because it // might have hit the buffer count limit and be waiting to use our old one. CheckAndSignalWriter(); ===================================== js/src/gc/Statistics.cpp ===================================== @@ -1518,7 +1518,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== layout/printing/PrintTranslator.h ===================================== 
@@ -85,7 +85,11 @@ class PrintTranslator final : public Translator { } void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { @@ -119,11 +123,11 @@ class PrintTranslator final : public Translator { } void RemoveDrawTarget(ReferencePtr aRefPtr) final { - ReferencePtr currentDT = mCurrentDT; - if (currentDT == aRefPtr) { + RefPtr<DrawTarget> removedDT; + if (mDrawTargets.Remove(aRefPtr, getter_AddRefs(removedDT)) && + mCurrentDT == removedDT) { mCurrentDT = nullptr; } - mDrawTargets.Remove(aRefPtr); } bool SetCurrentDrawTarget(ReferencePtr aRefPtr) final { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -72,7 +72,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } @@ -98,8 +98,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== 
@@ -1953,6 +1953,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -304,6 +304,8 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -312,6 +314,12 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/66… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/66… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-140.3.0esr-15.0-1-build2
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed new tag tor-browser-140.3.0esr-15.0-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser][tor-browser-140.3.0esr-15.0-1] 2 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed to branch tor-browser-140.3.0esr-15.0-1 at The Tor Project / Applications / Tor Browser Commits: 2cb4c1cb by Emma Zuehlcke at 2025-09-15T18:45:34+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - 61800199 by Makoto Kato at 2025-09-15T19:20:12+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 3 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== @@ -983,8 +983,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); 
@@ -1008,11 +1010,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1021,6 +1023,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -89,7 +89,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } 
@@ -115,8 +115,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e0d93d… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/e0d93d… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-115.28.0esr-13.5-1-build2
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed new tag tor-browser-115.28.0esr-13.5-1-build2 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser][tor-browser-115.28.0esr-13.5-1] 4 commits: Bug 1970490: Use loading principal (rather than triggering principal) for CORS...
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed to branch tor-browser-115.28.0esr-13.5-1 at The Tor Project / Applications / Tor Browser Commits: 2bd05cc0 by Daniel Holbert at 2025-09-15T19:02:10+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - ecda4d58 by Jon Coppeard at 2025-09-15T19:36:49+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - 688debf8 by Lee Salzman at 2025-09-15T19:57:24+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - 1a51c17d by Jed Davis at 2025-09-15T20:11:50+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 5 changed files: - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - js/src/gc/Statistics.cpp - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" 
@@ -2011,30 +2012,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + 
ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== js/src/gc/Statistics.cpp ===================================== 
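Review bot: In the new `webgl::ParseIndexed`, `isdigit(c)` is called with a plain `char`, which is undefined behaviour when the byte is negative (any non-ASCII byte where `char` is signed); use `isdigit(static_cast<unsigned char>(c))` or an explicit `c >= '0' && c <= '9'`. The digit run is still handed to `std::stoull` with no length bound, as in the regex version, so an over-long index raises `std::out_of_range` (presumably fatal in a build without exception handling); capping the digit count before the conversion would turn that into a clean `return {}`. `openBracket <= 0` on a `size_t` reads more clearly as `openBracket == 0`. The same hunk is repeated in the tor-browser-128.14.0esr-14.5-1 push further down the page.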
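Review bot: The new default line `nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal();` in `DoCORSChecks` carries no comment, while the only explanation left sits inside the pref-gated branch and describes the opposite choice. A short comment above it, e.g. `// CORS is checked against the loading principal by default; content.cors.use_triggering_principal restores the previous behaviour.`, would keep the security-relevant default readable. The visible lines pass `principal` straight to `nsCORSListenerProxy` without a null check; if the loading principal can be null on any path that reaches here (not determinable from this hunk), an assertion would make that assumption explicit. The function starts and ends outside the hunk, and the identical hunk appears again in the 128.14.0esr push.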
@@ -1515,7 +1515,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== @@ -1915,6 +1915,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -317,6 +317,8 @@ void SandboxLaunchPrepare(GeckoProcessType aType, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -325,6 +327,12 @@ void SandboxLaunchPrepare(GeckoProcessType aType, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0ae6e8… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/0ae6e8… You're receiving this email because of your account on gitlab.torproject.org.
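Review bot: The new `GeckoProcessType_GMPlugin` branch sets `CLONE_NEWIPC` and `CLONE_NEWNET` without saying why GMP needs its own flag set instead of falling through into the `GeckoProcessType_RDD` case as before. The warning added above the `switch` explains the split, not the flags; a comment in the branch such as `// GMP: private IPC and network namespaces (bug 1982763); RDD is handled separately below.` would record the intent next to the code that enforces it. The RDD case body is cut off by the hunk, so whether the two flag sets now differ cannot be confirmed from here. The same change is made to `SandboxLaunch::Configure` in the 128.14.0esr push.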
[Git][tpo/applications/tor-browser] Pushed new tag tor-browser-128.14.0esr-14.5-1-build3
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed new tag tor-browser-128.14.0esr-14.5-1-build3 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/tor-brows… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser][tor-browser-128.14.0esr-14.5-1] 10 commits: Bug 1665334, r=mconley,fluent-reviewers,bolsson
by ma1 (@ma1) 15 Sep '25

15 Sep '25
ma1 pushed to branch tor-browser-128.14.0esr-14.5-1 at The Tor Project / Applications / Tor Browser Commits: 2886bc79 by Emma Zuehlcke at 2025-09-15T17:37:23+02:00 Bug 1665334, r=mconley,fluent-reviewers,bolsson Differential Revision: https://phabricator.services.mozilla.com/D257293 - - - - - f26c48dc by Daniel Holbert at 2025-09-15T19:00:18+02:00 Bug 1970490: Use loading principal (rather than triggering principal) for CORS checks, by default. a=RyanVM This is essentially a backout of bug 1496505, putting its change behind a new off-by-default about:config pref[1] for now, in case there are use cases that require it. [1] content.cors.use_triggering_principal Original Revision: https://phabricator.services.mozilla.com/D252611 Differential Revision: https://phabricator.services.mozilla.com/D263611 - - - - - 6c8a1f0f by Makoto Kato at 2025-09-15T19:21:35+02:00 Bug 1974025 - Check scheme into Intent data. r=geckoview-reviewers,tcampbell,nalexander a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D256952 - - - - - 81543294 by Jon Coppeard at 2025-09-15T19:34:28+02:00 Bug 1979502 - Check slices vector not empty before accessing the last slice r=sfink a=RyanVM |aborted| is reset to false at the end of a slice but GCRuntime::waitBackgroundSweepEnd can be called outside of a slice. Differential Revision: https://phabricator.services.mozilla.com/D260685 - - - - - 11317e5a by longsonr at 2025-09-15T19:55:19+02:00 Bug 1980788 - Use std::size rather than hardcoding an array size a=RyanVM DONTBUILD Original Revision: https://phabricator.services.mozilla.com/D262967 Differential Revision: https://phabricator.services.mozilla.com/D263131 - - - - - 9b2fe8ef by Lee Salzman at 2025-09-15T19:59:04+02:00 Bug 1981283. r=ahale a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D260412 - - - - - 2517a786 by Jed Davis at 2025-09-15T20:07:53+02:00 Bug 1982763 - Re-add `CLONE_NEWIPC` to the Linux GMP sandbox. 
a=RyanVM Original Revision: https://phabricator.services.mozilla.com/D260923 Differential Revision: https://phabricator.services.mozilla.com/D263007 - - - - - 4cf3c86c by Lee Salzman at 2025-09-15T20:12:58+02:00 Bug 1984825. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262611 - - - - - 85d7a5cb by Lee Salzman at 2025-09-15T20:13:42+02:00 Bug 1985067. r=jnicol a=RyanVM Differential Revision: https://phabricator.services.mozilla.com/D262614 - - - - - df081c6c by Lee Salzman at 2025-09-15T20:39:59+02:00 Bug 1986185. r=aosmond a=RyanVM Backported manually to 128esr, see BB 44199 Differential Revision: https://phabricator.services.mozilla.com/D263287 - - - - - 12 changed files: - browser/locales/en-US/browser/webrtcIndicator.ftl - browser/modules/webrtcUI.sys.mjs - dom/canvas/WebGLContext.cpp - dom/security/nsContentSecurityManager.cpp - gfx/2d/FilterProcessingScalar.cpp - gfx/2d/InlineTranslator.h - gfx/layers/ipc/CanvasTranslator.cpp - js/src/gc/Statistics.cpp - layout/printing/PrintTranslator.h - mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java - modules/libpref/init/StaticPrefList.yaml - security/sandbox/linux/launch/SandboxLaunch.cpp Changes: ===================================== browser/locales/en-US/browser/webrtcIndicator.ftl ===================================== @@ -60,7 +60,7 @@ webrtc-screen-system-menu = ## These strings are only used on Mac for menus attached to icons ## near the clock on the mac menubar. ## Variables: -## $streamTitle (String): the title of the tab using the share. +## $streamTitle (String): the host of the tab using the share. ## $tabCount (Number): the title of the tab using the share. webrtc-indicator-menuitem-control-sharing = ===================================== browser/modules/webrtcUI.sys.mjs ===================================== 
@@ -1048,8 +1048,10 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { let stream = activeStreams[0]; const sharingItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; - doc.l10n.setAttributes(sharingItem, l10nIds[0], { streamTitle }); + const displayHost = getDisplayHostForStream(stream); + doc.l10n.setAttributes(sharingItem, l10nIds[0], { + streamTitle: displayHost, + }); sharingItem.setAttribute("disabled", "true"); menu.appendChild(sharingItem); @@ -1073,11 +1075,11 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { for (let stream of activeStreams) { const controlItem = doc.createXULElement("menuitem"); - const streamTitle = stream.browser.contentTitle || stream.uri; + const displayHost = getDisplayHostForStream(stream); doc.l10n.setAttributes( controlItem, "webrtc-indicator-menuitem-control-sharing-on", - { streamTitle } + { streamTitle: displayHost } ); controlItem.stream = stream; controlItem.addEventListener("command", this); @@ -1086,6 +1088,25 @@ export function showStreamSharingMenu(win, event, inclWindow = false) { } } +function getDisplayHostForStream(stream) { + let uri = Services.io.newURI(stream.uri); + + let displayHost; + + try { + displayHost = uri.displayHost; + } catch (ex) { + displayHost = null; + } + + // Host getter threw or returned "". Fall back to spec. + if (displayHost == null || displayHost == "") { + displayHost = uri.displaySpec; + } + + return displayHost; +} + function onTabSharingMenuPopupShowing(e) { const streams = webrtcUI.getActiveStreams(true, true, true, true); for (let streamInfo of streams) { ===================================== dom/canvas/WebGLContext.cpp ===================================== @@ -7,8 +7,9 @@ #include <algorithm> #include <bitset> +#include <cctype> +#include <iterator> #include <queue> -#include <regex> #include "AccessCheck.h" #include "CompositableHost.h" 
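Review bot: In `getDisplayHostForStream`, `Services.io.newURI(stream.uri)` sits outside the `try`, so a `stream.uri` that does not parse would throw out of `showStreamSharingMenu` and the menu would not be built; only the `displayHost` getter is protected. Moving the `newURI` call inside the `try` and falling back to the raw `stream.uri` string keeps the menu code from throwing while still preferring the host over the page-controlled title the old code displayed. Whether `stream.uri` can ever be unparseable is not visible in these hunks, so treat this as hardening.

```javascript
function getDisplayHostForStream(stream) {
  let uri = null;
  let displayHost = null;
  try {
    uri = Services.io.newURI(stream.uri);
    displayHost = uri.displayHost;
  } catch (ex) {
    // Unparseable URI or no host; use the fallbacks below.
  }
  if (!displayHost) {
    displayHost = uri ? uri.displaySpec : stream.uri;
  }
  return displayHost;
}
```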
@@ -2204,30 +2205,59 @@ Maybe<std::string> WebGLContext::GetString(const GLenum pname) const { // --------------------------------- Maybe<webgl::IndexedName> webgl::ParseIndexed(const std::string& str) { - static const std::regex kRegex("(.*)\\[([0-9]+)\\]"); - - std::smatch match; - if (!std::regex_match(str, match, kRegex)) return {}; + // Check if the string ends with a close bracket + if (str.size() < 2 || str.back() != ']') { + return {}; + } + // Search for the open bracket, only allow digits between brackets + const size_t closeBracket = str.size() - 1; + size_t openBracket = closeBracket; + for (;;) { + char c = str[--openBracket]; + if (isdigit(c)) { + if (openBracket <= 0) { + // At the beginning of string without an open bracket + return {}; + } + } else if (c == '[') { + // Found the open bracket + break; + } else { + // Found a non-digit + return {}; + } + } - const auto index = std::stoull(match[2]); - return Some(webgl::IndexedName{match[1], index}); + // Ensure non-empty digit sequence + size_t firstDigit = openBracket + 1; + if (firstDigit >= closeBracket) { + return {}; + } + const auto index = + std::stoull(str.substr(firstDigit, closeBracket - firstDigit)); + std::string name = str.substr(0, openBracket); + return Some(webgl::IndexedName{name, index}); } // ExplodeName("foo.bar[3].x") -> ["foo", ".", "bar", "[", "3", "]", ".", "x"] static std::vector<std::string> ExplodeName(const std::string& str) { std::vector<std::string> ret; - - static const std::regex kSep("[.[\\]]"); - - auto itr = std::regex_token_iterator<decltype(str.begin())>( - str.begin(), str.end(), kSep, {-1, 0}); - const auto end = decltype(itr)(); - - for (; itr != end; ++itr) { - const auto& part = itr->str(); - if (part.size()) { - ret.push_back(part); + size_t curPos = 0; + while (curPos < str.size()) { + // Find the next separator + size_t nextPos = str.find_first_of(".[]", curPos); + if (nextPos == std::string::npos) { + // If no separator found, add remaining substring + 
ret.push_back(str.substr(curPos)); + break; + } + // Add string between separators, if not empty + if (curPos < nextPos) { + ret.push_back(str.substr(curPos, nextPos - curPos)); } + // Add the separator + ret.push_back(str.substr(nextPos, 1)); + curPos = nextPos + 1; } return ret; } ===================================== dom/security/nsContentSecurityManager.cpp ===================================== @@ -45,6 +45,7 @@ #include "mozilla/Logging.h" #include "mozilla/Maybe.h" #include "mozilla/Preferences.h" +#include "mozilla/StaticPrefs_content.h" #include "mozilla/StaticPrefs_dom.h" #include "mozilla/StaticPrefs_security.h" #include "mozilla/Telemetry.h" @@ -364,10 +365,17 @@ static nsresult DoCORSChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo, return NS_OK; } - // We use the triggering principal here, rather than the loading principal - // to ensure that anonymous CORS content in the browser resources and in - // WebExtensions is allowed to load. - nsIPrincipal* principal = aLoadInfo->TriggeringPrincipal(); + nsIPrincipal* principal = aLoadInfo->GetLoadingPrincipal(); + if (StaticPrefs::content_cors_use_triggering_principal()) { + // We use the triggering principal here, rather than the loading principal, + // to ensure that WebExtensions can reuse their own resources from content + // that they inject into a page. + // + // TODO(dholbert): Is there actually a legitimate reason that WebExtensions + // might need this (as opposed to exposing their resources for use in + // web-content via the 'web_accessible_resources' manifest field)? + principal = aLoadInfo->TriggeringPrincipal(); + } RefPtr<nsCORSListenerProxy> corsListener = new nsCORSListenerProxy( aInAndOutListener, principal, aLoadInfo->GetCookiePolicy() == nsILoadInfo::SEC_COOKIES_INCLUDE); ===================================== gfx/2d/FilterProcessingScalar.cpp ===================================== 
@@ -47,12 +47,12 @@ static void ApplyMorphologyHorizontal_Scalar( x++, startX++, endX++) { int32_t sourceIndex = y * aSourceStride + 4 * startX; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += 4; for (int32_t ix = startX + 1; ix <= endX; ix++, sourceIndex += 4) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -62,7 +62,7 @@ static void ApplyMorphologyHorizontal_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } @@ -97,13 +97,13 @@ static void ApplyMorphologyVertical_Scalar( for (int32_t x = aDestRect.X(); x < aDestRect.XMost(); x++) { int32_t sourceIndex = startY * aSourceStride + 4 * x; uint8_t u[4]; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { u[i] = aSourceData[sourceIndex + i]; } sourceIndex += aSourceStride; for (int32_t iy = startY + 1; iy <= endY; iy++, sourceIndex += aSourceStride) { - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { if (Operator == MORPHOLOGY_OPERATOR_ERODE) { u[i] = umin(u[i], aSourceData[sourceIndex + i]); } else { @@ -113,7 +113,7 @@ static void ApplyMorphologyVertical_Scalar( } int32_t destIndex = y * aDestStride + 4 * x; - for (size_t i = 0; i < 4; i++) { + for (int32_t i = 0; i < int32_t(std::size(u)); i++) { aDestData[destIndex + i] = u[i]; } } ===================================== gfx/2d/InlineTranslator.h ===================================== 
@@ -92,7 +92,11 @@ class InlineTranslator : public Translator { already_AddRefed<SourceSurface> LookupExternalSurface(uint64_t aKey) override; void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { ===================================== gfx/layers/ipc/CanvasTranslator.cpp ===================================== @@ -189,6 +189,10 @@ mozilla::ipc::IPCResult CanvasTranslator::RecvInitTranslator( } // Use the first buffer as our current buffer. + if (aBufferHandles.IsEmpty()) { + Deactivate(); + return IPC_FAIL(this, "No canvas buffer shared memory supplied."); + } mDefaultBufferSize = aBufferSize; auto handleIter = aBufferHandles.begin(); if (!CreateAndMapShmem(mCurrentShmem.shmem, std::move(*handleIter), @@ -365,11 +369,19 @@ void CanvasTranslator::GetDataSurface(uint64_t aSurfaceRef) { } void CanvasTranslator::RecycleBuffer() { + if (!mCurrentShmem.IsValid()) { + return; + } + mCanvasShmems.emplace(std::move(mCurrentShmem)); NextBuffer(); } void CanvasTranslator::NextBuffer() { + if (mCanvasShmems.empty()) { + return; + } + // Check and signal the writer when we finish with a buffer, because it // might have hit the buffer count limit and be waiting to use our old one. CheckAndSignalWriter(); ===================================== js/src/gc/Statistics.cpp ===================================== @@ -1518,7 +1518,7 @@ void Statistics::recordParallelPhase(PhaseKind phaseKind, TimeDuration duration) { MOZ_ASSERT(CurrentThreadCanAccessRuntime(gc->rt)); - if (aborted) { + if (slices_.empty()) { return; } ===================================== layout/printing/PrintTranslator.h ===================================== 
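Review bot: `AddDrawTarget` now clears `mCurrentDT` when the entry being replaced is the current draw target, but nothing in the hunk says why; presumably `mCurrentDT` does not own the target and would otherwise point at the object released by `value = aDT`. A one-line comment such as `// Drop mCurrentDT if it refers to the target being replaced, so it cannot outlive it.` would keep a later edit from removing the check. The same applies to `AddDrawTarget` in layout/printing/PrintTranslator.h. That file's `RemoveDrawTarget` is changed as well, while InlineTranslator's is not shown here, so it is worth confirming it already compares against the removed target.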
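Review bot: The new guards in `RecycleBuffer()` and `NextBuffer()` return silently, whereas the matching guard in `RecvInitTranslator` calls `Deactivate()` and returns `IPC_FAIL`. If an invalid `mCurrentShmem` or an empty `mCanvasShmems` can only result from a misbehaving sender, leaving the translator active may let later events run against stale buffer state; consider calling `Deactivate()` in those branches too, or add a comment saying why continuing is safe. The early return in `NextBuffer()` also skips `CheckAndSignalWriter()`, which the existing comment says the writer may be waiting on. Both functions continue outside the hunk.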
@@ -85,7 +85,11 @@ class PrintTranslator final : public Translator { } void AddDrawTarget(ReferencePtr aRefPtr, DrawTarget* aDT) final { - mDrawTargets.InsertOrUpdate(aRefPtr, RefPtr{aDT}); + RefPtr<DrawTarget>& value = mDrawTargets.LookupOrInsert(aRefPtr); + if (mCurrentDT && mCurrentDT == value) { + mCurrentDT = nullptr; + } + value = aDT; } void AddPath(ReferencePtr aRefPtr, Path* aPath) final { @@ -119,11 +123,11 @@ class PrintTranslator final : public Translator { } void RemoveDrawTarget(ReferencePtr aRefPtr) final { - ReferencePtr currentDT = mCurrentDT; - if (currentDT == aRefPtr) { + RefPtr<DrawTarget> removedDT; + if (mDrawTargets.Remove(aRefPtr, getter_AddRefs(removedDT)) && + mCurrentDT == removedDT) { mCurrentDT = nullptr; } - mDrawTargets.Remove(aRefPtr); } bool SetCurrentDrawTarget(ReferencePtr aRefPtr) final { ===================================== mobile/android/geckoview/src/main/java/org/mozilla/gecko/util/IntentUtils.java ===================================== @@ -72,7 +72,7 @@ public class IntentUtils { } if (("intent".equals(scheme) || "android-app".equals(scheme))) { - // Bug 1356893 - Rject intents with file data schemes. + // Bug 1356893 - Reject intents with file data schemes. return getSafeIntent(aUri) != null; } @@ -98,8 +98,11 @@ public class IntentUtils { } final Uri data = intent.getData(); - if (data != null && "file".equals(normalizeUriScheme(data).getScheme())) { - return null; + if (data != null) { + final String scheme = normalizeUriScheme(data).getScheme(); + if ("file".equals(scheme) || "fido".equals(scheme)) { + return null; + } } // Only open applications which can accept arbitrary data from a browser. ===================================== modules/libpref/init/StaticPrefList.yaml ===================================== 
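Review bot: The comment kept in the first IntentUtils.java hunk still names only `file` data schemes, but `getSafeIntent` now also returns null for `fido`. Update it to something like `// Bug 1356893, bug 1974025 - Reject intents with file or fido data schemes.` and put a matching line above the new `if`, so the reason for the second scheme is traceable. Since this is a deny-list, a `private static final` set of rejected schemes would make the next addition a one-line change.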
@@ -1961,6 +1961,14 @@ value: false mirror: always +# If true, we'll use the triggering principal rather than the loading principal +# when doing CORS checks. This might be needed for WebExtensions to load their +# own resources from content that they inject into sites. +- name: content.cors.use_triggering_principal + type: bool + value: false + mirror: always + # Back off timer notification after count. # -1 means never. - name: content.notify.backoffcount ===================================== security/sandbox/linux/launch/SandboxLaunch.cpp ===================================== @@ -304,6 +304,8 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, return; } + // Warning: don't combine multiple case labels, even if the code is + // currently the same, to avoid mistakes when changes are made. switch (aType) { case GeckoProcessType_Socket: if (level >= 1) { @@ -312,6 +314,12 @@ void SandboxLaunch::Configure(GeckoProcessType aType, SandboxingKind aKind, } break; case GeckoProcessType_GMPlugin: + if (level >= 1) { + canChroot = true; + flags |= CLONE_NEWIPC; + flags |= CLONE_NEWNET; + } + break; case GeckoProcessType_RDD: if (level >= 1) { canChroot = true; View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/59baa9… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/59baa9… You're receiving this email because of your account on gitlab.torproject.org.
[Git][tpo/applications/tor-browser-build][maint-14.5] 2 commits: Bug 40994: Add support in signing scripts to sign release for some archs only
by Pier Angelo Vendrame (@pierov) 15 Sep '25

15 Sep '25
Pier Angelo Vendrame pushed to branch maint-14.5 at The Tor Project / Applications / tor-browser-build Commits: e37857b6 by Nicolas Vigier at 2025-09-15T21:10:43+02:00 Bug 40994: Add support in signing scripts to sign release for some archs only - - - - - c948c60b by Nicolas Vigier at 2025-09-15T21:10:51+02:00 Bug 41280: Update download-android-*.json files for android-only releases - - - - - 6 changed files: - projects/release/update_responses_config.yml - rbm.conf - tools/signing/do-all-signing - tools/signing/functions - tools/signing/upload-update_responses-to-staticiforme - tools/update-responses/update_responses Changes: ===================================== projects/release/update_responses_config.yml ===================================== @@ -1,6 +1,9 @@ --- tmp_dir: '[% c("tmp_dir") %]' create_downloads_json: 1 +[% IF !c("var/browser_platforms/signing_desktop") -%] +create_downloads_json_only: 1 +[% END -%] appname_marfile: '[% c("var/project-name") %]' appname_bundle: '[% c("var/project-name") %]' releases_dir: [% path(c('output_dir')) %][% IF ! c("var/nightly") %]/[% IF c("var/unsigned_releases_dir") -%]un[% END %]signed[% END %] ===================================== rbm.conf ===================================== @@ -81,8 +81,6 @@ var: browser_release_date_timestamp: '[% USE date; date.format(c("var/browser_release_date"), "%s") %]' browser_default_channel: release browser_platforms: - is_android_release: '[% c("var/tor-browser") %]' - is_desktop_release: '1' android-armv7: '[% c("var/browser_platforms/is_android_release") %]' android-x86: '[% c("var/browser_platforms/is_android_release") %]' android-x86_64: '[% c("var/browser_platforms/is_android_release") %]' 
@@ -93,6 +91,39 @@ var: windows-i686: '[% c("var/browser_platforms/is_desktop_release") && c("var/tor-browser") %]' windows-x86_64: '[% c("var/browser_platforms/is_desktop_release") %]' macos: '[% c("var/browser_platforms/is_desktop_release") %]' + + # is_android_release and is_desktop_release are used to quickly + # enable/disable all android or desktop platforms. If you want to + # check whether a release includes some android or desktop platforms + # see signing_android and signing_desktop below. + is_android_release: '[% c("var/tor-browser") %]' + is_desktop_release: '1' + + # signing_android is used in signing scripts to check if at least + # one android platform is being signed/published + signing_android: | + [%- + c("var/browser_platforms/android-armv7") || + c("var/browser_platforms/android-x86") || + c("var/browser_platforms/android-x86_64") || + c("var/browser_platforms/android-aarch64") + -%] + # signing_desktop is used in signing scripts to check if at least + # one desktop platform is being signed/published + signing_desktop: | + [%- + c("var/browser_platforms/linux-x86_64") || + c("var/browser_platforms/linux-i686") || + c("var/browser_platforms/linux-aarch64") || + c("var/browser_platforms/windows-i686") || + c("var/browser_platforms/windows-x86_64") || + c("var/browser_platforms/macos") + -%] + signing_windows: | + [%- + c("var/browser_platforms/windows-i686") || + c("var/browser_platforms/windows-x86_64") + -%] updater_enabled: 1 build_mar: 1 torbrowser_incremental_from: ===================================== tools/signing/do-all-signing ===================================== 
@@ -19,38 +19,66 @@ if [[ $1 = "-p" ]]; then shift fi +function is_legacy { + [[ "$tbb_version" = 13.* ]] +} + +if is_legacy; then + platform_android= + platform_desktop=1 + platform_macos=1 + platform_windows=1 +else + platform_android=$(rbm_showconf_boolean var/browser_platforms/signing_android) + platform_desktop=$(rbm_showconf_boolean var/browser_platforms/signing_desktop) + platform_macos=$(rbm_showconf_boolean var/browser_platforms/macos) + platform_windows=$(rbm_showconf_boolean var/browser_platforms/signing_windows) +fi + is_project torbrowser && nssdb=torbrowser-nssdb7 is_project mullvadbrowser && nssdb=mullvadbrowser-nssdb1 if [ -f "$passwords_gpg_file" ]; then echo "Reading passwords from $passwords_gpg_file" SEKRITS=$(gpg --decrypt "$passwords_gpg_file") - RCODESIGN_PW=$(get_sekrit 'rcodesign') - NSSPASS=$(get_sekrit "$nssdb (mar signing)") - KSPASS=$(get_sekrit "android apk ($tbb_version_type)") - YUBIPASS=$(get_sekrit "windows authenticode") + [ -n "$platform_macos" ] && \ + RCODESIGN_PW=$(get_sekrit 'rcodesign') + [ -n "$platform_desktop" ] && \ + NSSPASS=$(get_sekrit "$nssdb (mar signing)") + [ -n "$platform_android" ] && \ + KSPASS=$(get_sekrit "android apk ($tbb_version_type)") + [ -n "$platform_windows" ] && \ + YUBIPASS=$(get_sekrit "windows authenticode") GPG_PASS=$(get_sekrit "gpg") else echo "Rather than entering all the password manually, you may want to provide a gpg-encrypted file either on the command line (-p <filepath>) or in set-config.passwords." 
fi -test -f "$steps_dir/linux-signer-rcodesign-sign.done" || [ -n "$RCODESIGN_PW" ] || +[ -z "$platform_macos" ] || \ + [ -f "$steps_dir/linux-signer-rcodesign-sign.done" ] || \ + [ -n "$RCODESIGN_PW" ] || \ read -sp "Enter rcodesign passphrase for key-1: " RCODESIGN_PW echo -test -f "$steps_dir/linux-signer-signmars.done" || [ -n "$NSSPASS" ] || +[ -z "$platform_desktop" ] || \ + [ -f "$steps_dir/linux-signer-signmars.done" ] || \ + [ -n "$NSSPASS" ] || \ read -sp "Enter $nssdb (mar signing) passphrase: " NSSPASS echo -if is_project torbrowser; then - test -f "$steps_dir/linux-signer-sign-android-apks.done" || [ -n "$KSPASS" ] || - read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS - echo -fi -test -f "$steps_dir/linux-signer-authenticode-signing.done" || [ -n "$YUBIPASS" ] || +[ -z "$platform_android" ] || \ + [ -f "$steps_dir/linux-signer-sign-android-apks.done" ] || \ + [ -n "$KSPASS" ] || \ + read -sp "Enter android apk signing password ($tbb_version_type): " KSPASS +echo + +[ -z "$platform_windows" ] || \ + [ -f "$steps_dir/linux-signer-authenticode-signing.done" ] || \ + [ -n "$YUBIPASS" ] || \ read -sp "Enter windows authenticode passphrase: " YUBIPASS echo -test -f "$steps_dir/linux-signer-gpg-sign.done" || [ -n "$GPG_PASS" ] || + +[ -f "$steps_dir/linux-signer-gpg-sign.done" ] || [ -n "$GPG_PASS" ] || \ read -sp "Enter gpg passphrase: " GPG_PASS echo @@ -203,10 +231,6 @@ function do_step { echo "$(date -Iseconds) - Finished step: $1" } -function is_legacy { - [[ "$tbb_version" = 13.* ]] -} - export SIGNING_PROJECTNAME do_step set-time-on-signing-machine 
@@ -215,23 +239,34 @@ do_step sync-builder-unsigned-to-local-signed do_step clean-build-artifacts do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-rcodesign-sign -do_step linux-signer-rcodesign-sign -do_step sync-linux-signer-macos-signed-tar-to-local -do_step rcodesign-notary-submit -do_step gatekeeper-bundling -do_step dmg2mar +[ -n "$platform_macos" ] && \ + do_step linux-signer-rcodesign-sign +[ -n "$platform_macos" ] && \ + do_step sync-linux-signer-macos-signed-tar-to-local +[ -n "$platform_macos" ] && \ + do_step rcodesign-notary-submit +[ -n "$platform_macos" ] && \ + do_step gatekeeper-bundling +[ -n "$platform_macos" ] && \ + do_step dmg2mar do_step sync-scripts-to-linux-signer do_step sync-before-linux-signer-signmars -do_step linux-signer-signmars -do_step sync-after-signmars -is_project torbrowser && ! is_legacy && \ +[ -n "$platform_desktop" ] && \ + do_step linux-signer-signmars +[ -n "$platform_desktop" ] && \ + do_step sync-after-signmars +[ -n "$platform_android" ] && \ do_step linux-signer-sign-android-apks -is_project torbrowser && ! is_legacy && \ +[ -n "$platform_android" ] && \ do_step sync-after-sign-android-apks -do_step linux-signer-authenticode-signing -do_step sync-after-authenticode-signing -do_step authenticode-timestamping -do_step sync-after-authenticode-timestamping +[ -n "$platform_windows" ] && \ + do_step linux-signer-authenticode-signing +[ -n "$platform_windows" ] && \ + do_step sync-after-authenticode-signing +[ -n "$platform_windows" ] && \ + do_step authenticode-timestamping +[ -n "$platform_windows" ] && \ + do_step sync-after-authenticode-timestamping do_step hash_signed_bundles do_step sync-after-hash do_step linux-signer-gpg-sign 
@@ -240,6 +275,6 @@ do_step download-unsigned-sha256sums-gpg-signatures-from-people-tpo do_step sync-local-to-staticiforme do_step sync-scripts-to-staticiforme do_step staticiforme-prepare-cdn-dist-upload -! is_legacy && +! is_legacy && \ do_step upload-update_responses-to-staticiforme do_step finished-signing-clean-linux-signer ===================================== tools/signing/functions ===================================== @@ -69,5 +69,17 @@ function display_name { echo "${SIGNING_PROJECTNAMES[3]}" } +function rbm_showconf { + "$rbm" showconf release "$1" --target "$SIGNING_PROJECTNAME" \ + --target "$tbb_version_type" +} + +function rbm_showconf_boolean { + local res=$(rbm_showconf "$1") + if [ -z "$res" ] || [ "a$res" = "a0" ]; then + return + fi + echo '1' +} . "$script_dir/set-config" ===================================== tools/signing/upload-update_responses-to-staticiforme ===================================== @@ -56,7 +56,8 @@ do git commit -m "$tbb_version_type: new version, $tbb_version ($file)" done -if is_project torbrowser; then +platform_android=$(rbm_showconf_boolean var/browser_platforms/signing_android) +if [ -n "$platform_android" ]; then git add "$tbb_version_type"/download-android-*.json git diff --quiet --cached --exit-code || \ git commit -m "$tbb_version_type: new version, $tbb_version (android)" ===================================== tools/update-responses/update_responses ===================================== 
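Review bot: In `rbm_showconf_boolean` (tools/signing/functions), `local res=$(rbm_showconf "$1")` discards the exit status of `rbm showconf`, so a failing lookup yields an empty string and is treated as "platform disabled". Because do-all-signing now gates every password prompt and signing step on these values, an rbm error would skip signing for that platform without any message. Declare and assign separately and propagate the failure, `local res; res=$(rbm_showconf "$1") || return 1`, and have the callers stop when the function fails (whether the scripts run under `set -e` is not visible here).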
@@ -467,14 +467,16 @@ sub write_downloads_json { my $versions = as_array($config->{channels}{$channel}); my ($version) = @$versions; my $tag = get_config($config, $version, 'any', 'tag'); - my $data = { - version => "$version", - tag => "$tag", - downloads => get_version_downloads($config, $version), - comment => 'This file is deprecated and should not be used. Please use the files download-$platform.json instead.', - }; - write_htdocs($channel, '.', 'downloads.json', - JSON->new->utf8->canonical->pretty->encode($data)); + if (!$config->{create_downloads_json_only}) { + my $data = { + version => "$version", + tag => "$tag", + downloads => get_version_downloads($config, $version), + comment => 'This file is deprecated and should not be used. Please use the files download-$platform.json instead.', + }; + write_htdocs($channel, '.', 'downloads.json', + JSON->new->utf8->canonical->pretty->encode($data)); + } my $pp_downloads = get_perplatform_downloads($config, $version, $tag); foreach my $os (keys %{$pp_downloads}) { write_htdocs($channel, '.', "download-$os.json", @@ -637,8 +639,10 @@ my %actions = ( exit_error "Wrong arguments" unless @ARGV == 1; my $channel = $ARGV[0]; exit_error "Unknown channel $channel" unless $config->{channels}{$channel}; - write_responses($config, $channel); - write_htaccess($config, $channel); + if (!$config->{create_downloads_json_only}) { + write_responses($config, $channel); + write_htaccess($config, $channel); + } write_downloads_json($config, $channel); }, gen_incrementals => sub { View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/… You're receiving this email because of your account on gitlab.torproject.org.
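Review bot: `create_downloads_json_only` reads as "write only downloads.json", but in `write_downloads_json` it is the flag that skips downloads.json, and in the action further down it skips `write_responses` and `write_htaccess`; what remains is the per-platform `download-$os.json` files. A comment at the first use, e.g. `# android-only release: write just the per-platform download-*.json files`, or a name like `create_perplatform_downloads_only`, would avoid the misreading. `write_downloads_json` continues past the end of the first hunk.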
